Name
certtool
Synopsis
certtool { v | d | D }filename
[h] [v] [d] certtool y [h] [v] [k=keychain
[c [p=password
]]] certtool c [h] [v] [a] [k=keychain
[c [p=password
]]] certtool { r | I }filename
[h] [v] [d] [a] [k=keychain
[c [p=password
]]] certtool ifilename
[h] [v] [d] [a] [k=keychain
[c [p=password
]]] [r=filename
[f={ 1 | 8 | f }]]
Manages X.509 SSL/TLS certificates. It uses the Common Data Security
Architecture (CDSA) in much the same way that
/System/Library/OpenSSL/misc/CA.pl
uses OpenSSL
to ease the process of managing certificates.
As arguments it takes a single-letter command, often followed by a filename, and possibly some options.
Options
-
a
When adding an item to a keychain, create a key pair including a private key with a more restrictive ACL than usual. (The default behavior creates a private key with no additional access restrictions, while specifying this option adds a confirmation requirement to access the private key which only
certtool
is allowed to bypass.)-
c
As a command, walks you through a series of interactive prompts to create a certificate and a public/private key pair to sign and possibly encrypt it. The resulting certificate (in DER format) is stored in your default keychain. (Note that the first prompt, for a
key
and
certificate
label
, is asking for two space-separated items. Common choices are an organization name for the key and a label designating the purpose of the certificate.)As an option, instructs
certtool
to create a new keychain by the name given ...
Get Mac OS X Panther in a Nutshell, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.